package org.yjc.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.yjc.service.SysUserService;
@Configurable
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
	
	@Autowired
	private SysUserService sysUserService;
	
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth
			.userDetailsService(sysUserService)  	//设置用什么去查找用户
			.passwordEncoder(new BCryptPasswordEncoder()); //设置用什么去对密码加密，在spring boot 2.0这个是必须的
		auth.inMemoryAuthentication().withUser("yanjiacheng").password("{noop}xiaopangzi").roles("DBA");
	}

	
		@Override
		protected void configure(HttpSecurity http) throws Exception {
			http.csrf().disable();  //取消令牌
			http.headers().frameOptions().disable();    //解决iframe与安全器兼容性问题
			http.formLogin()
				.loginPage("/login").permitAll()
				// 设置默认登录成功跳转页面
				.defaultSuccessUrl("/")
				// 设置默认登录成失败跳转页面
				.failureUrl("/login?error");
			
			//设置不需要登陆就可以直接访问的地址
			http.authorizeRequests().antMatchers("/static/**").permitAll();
			http.authorizeRequests().antMatchers("/find/**").permitAll();
			http.authorizeRequests().antMatchers("/webjars/**").permitAll();
			http.authorizeRequests().antMatchers("/findpwd").permitAll();
			http.authorizeRequests().antMatchers("/yx").permitAll();
			http.authorizeRequests().antMatchers("/username").permitAll();
			http.authorizeRequests().antMatchers("/zhmm1").permitAll();
			http.logout().logoutUrl("/logout").permitAll();
			
			//设置必须要通过请求验证登陆
			http.authorizeRequests().anyRequest().authenticated();
		}
	}